[JBoss-user] [EJB 3.0] - strange compile error on interceptor tags at method level
i got compile error on @Interceptors or @Interceptor tags at method level. no problem if tags are at class level. jdk1.5.0_06 jboss-4.0.3SP1-03 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3956426#3956426 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3956426 - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: problems with @SecurityDomain @PermitAll
thanks for reply. jboss.xml is deployed correctly with ejb jar. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3956457#3956457 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3956457 - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - problems with @SecurityDomain @PermitAll
1. because @SecurityDomain is jboss specific, is there a way to remove it from class code and keep just the standard @RolesAllowed? i tried to remove it from source code and have in jboss.xml security-domainmobistax/security-domain after this, i dont get any security on bean methods. 2. why is authentication-authorization required for method s with @PermitAll??? there are methods called even before users and roles are created. one work around is moving these methods to a class with no @SecurityDomain tag. this is bad if you want to keep logical grouping of methods in classes the other work around is to have a dummy role for these methods and pass a dummy username and password. but this unnecessary code. in my opinion, this is a bug. @PermitAll methods should not need any security credentials associated with thread. No authentication and authorization shoud be done. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3956109#3956109 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3956109 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - secure jndi lookup
im using jboss-4.0.3SP1. How to configure a secure jndi lookup? this is not explained in SecureJBoss trail. that is how to specify a username - password in InitialContetxt properties and JBoss returns the lookup jndi resource[eg. ejb] with the given security credentials. If we dont do this, anyone can just hack jndi lookup? Or is there a different alternative to secure jndi lookup? Properties p = new Properties(); ... ... properties.put(Context.SECURITY_PRINCIPAL, username); properties.put(Context.SECURITY_PRINCIPAL, password); InitialContext ctx = new InitialContext(properties); ctx.lookup(something); View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3952900#3952900 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3952900 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - custom login and web.xml declarative security
ive searched and read a lot but havenot found a solution. the question is if you use custom login and not j_security_check then How to associate security credentials with web container so that declarative security in web.xml still works?? - jboss 4.0.3SP1 with bundled tomcat 5.5 - i set up tomcat to delegate security[user authentication and declarative url patterns in web.xml] to jboss using jaas DatabaseServerLoginModule. this works fine with login using FORM method[web.xml] and j_security_check. - but i want to control the login process but theres no way to intecept pre and post of j_security_check. - so i still use FORM method but instead of calling j_security_check, i post to my login action which simply uses the jaas setup described above. this works fine but How to tell web container to associate security credentials(subject ,principals, etc) of the login to apply on declarative security of url patterns in web.xml?? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3938602#3938602 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3938602 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user